npm - @usebetterdev/console-cli - Versions diffs - 0.3.0-beta.2 - Mend

@usebetterdev/console-cli 0.3.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/dist/check.d.ts +24 -0
package/dist/check.js +9 -0
package/dist/check.js.map +1 -0
package/dist/chunk-DYJHYSYZ.js +13 -0
package/dist/chunk-DYJHYSYZ.js.map +1 -0
package/dist/chunk-G7RB5NFW.js +31 -0
package/dist/chunk-G7RB5NFW.js.map +1 -0
package/dist/chunk-JKGOP2VK.js +161 -0
package/dist/chunk-JKGOP2VK.js.map +1 -0
package/dist/chunk-ZEP3C2V6.js +112 -0
package/dist/chunk-ZEP3C2V6.js.map +1 -0
package/dist/cli.d.ts +6 -0
package/dist/cli.js +184 -0
package/dist/cli.js.map +1 -0
package/dist/init.d.ts +32 -0
package/dist/init.js +12 -0
package/dist/init.js.map +1 -0
package/dist/migrate.d.ts +8 -0
package/dist/migrate.js +7 -0
package/dist/migrate.js.map +1 -0
package/dist/sql/console-tables.sql +32 -0
package/dist/token.d.ts +22 -0
package/dist/token.js +11 -0
package/dist/token.js.map +1 -0
package/package.json +64 -0

package/dist/check.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+interface ConsoleCheckResult {
+    check: string;
+    passed: boolean;
+    message?: string;
+}
+interface ConsoleCheckOutput {
+    passed: boolean;
+    results: ConsoleCheckResult[];
+    warnings: ConsoleCheckResult[];
+}
+/**
+ * Check console-related environment variables.
+ * Exported for unit testing.
+ */
+declare function checkEnvVars(): {
+    results: ConsoleCheckResult[];
+    warnings: ConsoleCheckResult[];
+};
+/**
+ * Run all console health checks: table structure, indexes, and env vars.
+ */
+declare function runConsoleCheck(databaseUrl: string): Promise<ConsoleCheckOutput>;
+export { type ConsoleCheckOutput, type ConsoleCheckResult, checkEnvVars, runConsoleCheck };

package/dist/check.js ADDED Viewed

@@ -0,0 +1,9 @@
+import {
+  checkEnvVars,
+  runConsoleCheck
+} from "./chunk-JKGOP2VK.js";
+export {
+  checkEnvVars,
+  runConsoleCheck
+};
+//# sourceMappingURL=check.js.map

package/dist/check.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/chunk-DYJHYSYZ.js ADDED Viewed

@@ -0,0 +1,13 @@
+// src/migrate.ts
+import { readFileSync } from "fs";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+var __dirname = dirname(fileURLToPath(import.meta.url));
+function generateConsoleMigrationSql() {
+  return readFileSync(join(__dirname, "sql/console-tables.sql"), "utf-8");
+}
+export {
+  generateConsoleMigrationSql
+};
+//# sourceMappingURL=chunk-DYJHYSYZ.js.map

package/dist/chunk-DYJHYSYZ.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/migrate.ts"],"sourcesContent":["import { readFileSync } from \"node:fs\";\nimport { dirname, join } from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\n\nconst __dirname = dirname(fileURLToPath(import.meta.url));\n\n/**\n * Load and return the console tables SQL migration.\n * This SQL creates both `better_console_sessions` and `better_console_magic_links`\n * tables with all required columns and indexes.\n */\nexport function generateConsoleMigrationSql(): string {\n return readFileSync(join(__dirname, \"sql/console-tables.sql\"), \"utf-8\");\n}\n"],"mappings":";AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS,YAAY;AAC9B,SAAS,qBAAqB;AAE9B,IAAM,YAAY,QAAQ,cAAc,YAAY,GAAG,CAAC;AAOjD,SAAS,8BAAsC;AACpD,SAAO,aAAa,KAAK,WAAW,wBAAwB,GAAG,OAAO;AACxE;","names":[]}

package/dist/chunk-G7RB5NFW.js ADDED Viewed

@@ -0,0 +1,31 @@
+// src/token.ts
+function bytesToHex(bytes) {
+  let hex = "";
+  for (const b of bytes) {
+    hex += b.toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+function generateConnectionToken() {
+  const bytes = new Uint8Array(32);
+  globalThis.crypto.getRandomValues(bytes);
+  return bytesToHex(bytes);
+}
+async function hashConnectionToken(token) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(token);
+  const hashBuffer = await globalThis.crypto.subtle.digest("SHA-256", data);
+  return `sha256:${bytesToHex(new Uint8Array(hashBuffer))}`;
+}
+async function generateTokenPair() {
+  const token = generateConnectionToken();
+  const hash = await hashConnectionToken(token);
+  return { token, hash };
+}
+export {
+  generateConnectionToken,
+  hashConnectionToken,
+  generateTokenPair
+};
+//# sourceMappingURL=chunk-G7RB5NFW.js.map

package/dist/chunk-G7RB5NFW.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/token.ts"],"sourcesContent":["/**\n * Connection token utilities using the Web Crypto API.\n * Works in Node, Deno, and Bun — no node:crypto imports.\n */\n\nfunction bytesToHex(bytes: Uint8Array): string {\n let hex = \"\";\n for (const b of bytes) {\n hex += b.toString(16).padStart(2, \"0\");\n }\n return hex;\n}\n\n/**\n * Generate a connection token: 32 random bytes as a 64-char hex string.\n */\nexport function generateConnectionToken(): string {\n const bytes = new Uint8Array(32);\n globalThis.crypto.getRandomValues(bytes);\n return bytesToHex(bytes);\n}\n\n/**\n * SHA-256 hash a connection token. Returns \"sha256:<hex>\".\n */\nexport async function hashConnectionToken(token: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(token);\n const hashBuffer = await globalThis.crypto.subtle.digest(\"SHA-256\", data);\n return `sha256:${bytesToHex(new Uint8Array(hashBuffer))}`;\n}\n\n/**\n * Generate a token and its hash in one call.\n * Returns `{ token, hash }` where hash is \"sha256:<hex>\".\n */\nexport async function generateTokenPair(): Promise<{\n token: string;\n hash: string;\n}> {\n const token = generateConnectionToken();\n const hash = await hashConnectionToken(token);\n return { token, hash };\n}\n"],"mappings":";AAKA,SAAS,WAAW,OAA2B;AAC7C,MAAI,MAAM;AACV,aAAW,KAAK,OAAO;AACrB,WAAO,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,EACvC;AACA,SAAO;AACT;AAKO,SAAS,0BAAkC;AAChD,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,aAAW,OAAO,gBAAgB,KAAK;AACvC,SAAO,WAAW,KAAK;AACzB;AAKA,eAAsB,oBAAoB,OAAgC;AACxE,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,OAAO,QAAQ,OAAO,KAAK;AACjC,QAAM,aAAa,MAAM,WAAW,OAAO,OAAO,OAAO,WAAW,IAAI;AACxE,SAAO,UAAU,WAAW,IAAI,WAAW,UAAU,CAAC,CAAC;AACzD;AAMA,eAAsB,oBAGnB;AACD,QAAM,QAAQ,wBAAwB;AACtC,QAAM,OAAO,MAAM,oBAAoB,KAAK;AAC5C,SAAO,EAAE,OAAO,KAAK;AACvB;","names":[]}

package/dist/chunk-JKGOP2VK.js ADDED Viewed

@@ -0,0 +1,161 @@
+// src/check.ts
+import { Pool } from "pg";
+var SESSIONS_COLUMNS = [
+  "id",
+  "email",
+  "token_hash",
+  "permissions",
+  "expires_at",
+  "created_at"
+];
+var MAGIC_LINKS_COLUMNS = [
+  "id",
+  "email",
+  "code_hash",
+  "session_id",
+  "token_hash",
+  "failed_attempts",
+  "expires_at",
+  "used_at",
+  "created_at"
+];
+var EXPECTED_INDEXES = [
+  {
+    table: "better_console_sessions",
+    index: "idx_console_sessions_token_hash"
+  },
+  {
+    table: "better_console_sessions",
+    index: "idx_console_sessions_expires_at"
+  },
+  {
+    table: "better_console_magic_links",
+    index: "idx_console_magic_links_session_id"
+  },
+  {
+    table: "better_console_magic_links",
+    index: "idx_console_magic_links_expires_at"
+  }
+];
+var VALID_TOKEN_HASH = /^(sha256:)?[0-9a-f]{64}$/;
+async function checkTableColumns(pool, tableName, expectedColumns) {
+  const results = [];
+  const prefix = tableName;
+  const r = await pool.query(
+    `SELECT column_name FROM information_schema.columns
+     WHERE table_schema = 'public' AND table_name = $1
+     ORDER BY ordinal_position`,
+    [tableName]
+  );
+  const cols = r.rows.map(
+    (row) => row.column_name
+  );
+  if (cols.length === 0) {
+    results.push({
+      check: `${prefix} table exists`,
+      passed: false,
+      message: `${tableName} table not found`
+    });
+    return results;
+  }
+  results.push({ check: `${prefix} table exists`, passed: true });
+  for (const col of expectedColumns) {
+    const ok = cols.includes(col);
+    const result = {
+      check: `${prefix}.${col}`,
+      passed: ok
+    };
+    if (!ok) {
+      result.message = `missing column: ${col}`;
+    }
+    results.push(result);
+  }
+  return results;
+}
+async function checkIndexes(pool) {
+  const results = [];
+  for (const { table, index } of EXPECTED_INDEXES) {
+    const r = await pool.query(
+      `SELECT 1 FROM pg_indexes
+       WHERE schemaname = 'public' AND tablename = $1 AND indexname = $2`,
+      [table, index]
+    );
+    const exists = r.rows.length > 0;
+    const result = {
+      check: `index ${index}`,
+      passed: exists
+    };
+    if (!exists) {
+      result.message = `index ${index} not found on ${table}`;
+    }
+    results.push(result);
+  }
+  return results;
+}
+function checkEnvVars() {
+  const results = [];
+  const warnings = [];
+  const tokenHash = process.env.BETTER_CONSOLE_TOKEN_HASH;
+  if (tokenHash === void 0 || tokenHash.length === 0) {
+    results.push({
+      check: "BETTER_CONSOLE_TOKEN_HASH is set",
+      passed: false,
+      message: "BETTER_CONSOLE_TOKEN_HASH env var is not set"
+    });
+  } else if (!VALID_TOKEN_HASH.test(tokenHash)) {
+    results.push({
+      check: "BETTER_CONSOLE_TOKEN_HASH format",
+      passed: false,
+      message: 'BETTER_CONSOLE_TOKEN_HASH is malformed \u2014 expected "sha256:<64 hex chars>" or raw 64 hex chars'
+    });
+  } else {
+    results.push({
+      check: "BETTER_CONSOLE_TOKEN_HASH is set",
+      passed: true
+    });
+  }
+  const allowedEmails = process.env.BETTER_CONSOLE_ALLOWED_EMAILS;
+  if (allowedEmails === void 0 || allowedEmails.length === 0) {
+    warnings.push({
+      check: "BETTER_CONSOLE_ALLOWED_EMAILS is set",
+      passed: false,
+      message: "BETTER_CONSOLE_ALLOWED_EMAILS not set \u2014 only needed for magic link mode"
+    });
+  }
+  return { results, warnings };
+}
+async function runConsoleCheck(databaseUrl) {
+  const pool = new Pool({ connectionString: databaseUrl });
+  const results = [];
+  const warnings = [];
+  try {
+    results.push(
+      ...await checkTableColumns(
+        pool,
+        "better_console_sessions",
+        SESSIONS_COLUMNS
+      )
+    );
+    results.push(
+      ...await checkTableColumns(
+        pool,
+        "better_console_magic_links",
+        MAGIC_LINKS_COLUMNS
+      )
+    );
+    results.push(...await checkIndexes(pool));
+    const envChecks = checkEnvVars();
+    results.push(...envChecks.results);
+    warnings.push(...envChecks.warnings);
+  } finally {
+    await pool.end();
+  }
+  const passed = results.every((r) => r.passed);
+  return { passed, results, warnings };
+}
+export {
+  checkEnvVars,
+  runConsoleCheck
+};
+//# sourceMappingURL=chunk-JKGOP2VK.js.map

package/dist/chunk-JKGOP2VK.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/check.ts"],"sourcesContent":["import { Pool } from \"pg\";\n\nexport interface ConsoleCheckResult {\n check: string;\n passed: boolean;\n message?: string;\n}\n\nexport interface ConsoleCheckOutput {\n passed: boolean;\n results: ConsoleCheckResult[];\n warnings: ConsoleCheckResult[];\n}\n\nconst SESSIONS_COLUMNS = [\n \"id\",\n \"email\",\n \"token_hash\",\n \"permissions\",\n \"expires_at\",\n \"created_at\",\n];\n\nconst MAGIC_LINKS_COLUMNS = [\n \"id\",\n \"email\",\n \"code_hash\",\n \"session_id\",\n \"token_hash\",\n \"failed_attempts\",\n \"expires_at\",\n \"used_at\",\n \"created_at\",\n];\n\nconst EXPECTED_INDEXES: ReadonlyArray<{\n table: string;\n index: string;\n}> = [\n {\n table: \"better_console_sessions\",\n index: \"idx_console_sessions_token_hash\",\n },\n {\n table: \"better_console_sessions\",\n index: \"idx_console_sessions_expires_at\",\n },\n {\n table: \"better_console_magic_links\",\n index: \"idx_console_magic_links_session_id\",\n },\n {\n table: \"better_console_magic_links\",\n index: \"idx_console_magic_links_expires_at\",\n },\n];\n\n/** Matches \"sha256:\" followed by exactly 64 hex chars, or just 64 hex chars. */\nconst VALID_TOKEN_HASH = /^(sha256:)?[0-9a-f]{64}$/;\n\nasync function checkTableColumns(\n pool: Pool,\n tableName: string,\n expectedColumns: readonly string[],\n): Promise<ConsoleCheckResult[]> {\n const results: ConsoleCheckResult[] = [];\n const prefix = tableName;\n\n const r = await pool.query(\n `SELECT column_name FROM information_schema.columns\n WHERE table_schema = 'public' AND table_name = $1\n ORDER BY ordinal_position`,\n [tableName],\n );\n const cols = (r.rows as { column_name: string }[]).map(\n (row) => row.column_name,\n );\n\n if (cols.length === 0) {\n results.push({\n check: `${prefix} table exists`,\n passed: false,\n message: `${tableName} table not found`,\n });\n return results;\n }\n results.push({ check: `${prefix} table exists`, passed: true });\n\n for (const col of expectedColumns) {\n const ok = cols.includes(col);\n const result: ConsoleCheckResult = {\n check: `${prefix}.${col}`,\n passed: ok,\n };\n if (!ok) {\n result.message = `missing column: ${col}`;\n }\n results.push(result);\n }\n\n return results;\n}\n\nasync function checkIndexes(pool: Pool): Promise<ConsoleCheckResult[]> {\n const results: ConsoleCheckResult[] = [];\n\n for (const { table, index } of EXPECTED_INDEXES) {\n const r = await pool.query(\n `SELECT 1 FROM pg_indexes\n WHERE schemaname = 'public' AND tablename = $1 AND indexname = $2`,\n [table, index],\n );\n const exists = r.rows.length > 0;\n const result: ConsoleCheckResult = {\n check: `index ${index}`,\n passed: exists,\n };\n if (!exists) {\n result.message = `index ${index} not found on ${table}`;\n }\n results.push(result);\n }\n\n return results;\n}\n\n/**\n * Check console-related environment variables.\n * Exported for unit testing.\n */\nexport function checkEnvVars(): {\n results: ConsoleCheckResult[];\n warnings: ConsoleCheckResult[];\n} {\n const results: ConsoleCheckResult[] = [];\n const warnings: ConsoleCheckResult[] = [];\n\n const tokenHash = process.env.BETTER_CONSOLE_TOKEN_HASH;\n\n if (tokenHash === undefined || tokenHash.length === 0) {\n results.push({\n check: \"BETTER_CONSOLE_TOKEN_HASH is set\",\n passed: false,\n message: \"BETTER_CONSOLE_TOKEN_HASH env var is not set\",\n });\n } else if (!VALID_TOKEN_HASH.test(tokenHash)) {\n results.push({\n check: \"BETTER_CONSOLE_TOKEN_HASH format\",\n passed: false,\n message:\n 'BETTER_CONSOLE_TOKEN_HASH is malformed — expected \"sha256:<64 hex chars>\" or raw 64 hex chars',\n });\n } else {\n results.push({\n check: \"BETTER_CONSOLE_TOKEN_HASH is set\",\n passed: true,\n });\n }\n\n const allowedEmails = process.env.BETTER_CONSOLE_ALLOWED_EMAILS;\n if (allowedEmails === undefined || allowedEmails.length === 0) {\n warnings.push({\n check: \"BETTER_CONSOLE_ALLOWED_EMAILS is set\",\n passed: false,\n message:\n \"BETTER_CONSOLE_ALLOWED_EMAILS not set — only needed for magic link mode\",\n });\n }\n\n return { results, warnings };\n}\n\n/**\n * Run all console health checks: table structure, indexes, and env vars.\n */\nexport async function runConsoleCheck(\n databaseUrl: string,\n): Promise<ConsoleCheckOutput> {\n const pool = new Pool({ connectionString: databaseUrl });\n const results: ConsoleCheckResult[] = [];\n const warnings: ConsoleCheckResult[] = [];\n\n try {\n results.push(\n ...(await checkTableColumns(\n pool,\n \"better_console_sessions\",\n SESSIONS_COLUMNS,\n )),\n );\n results.push(\n ...(await checkTableColumns(\n pool,\n \"better_console_magic_links\",\n MAGIC_LINKS_COLUMNS,\n )),\n );\n results.push(...(await checkIndexes(pool)));\n\n const envChecks = checkEnvVars();\n results.push(...envChecks.results);\n warnings.push(...envChecks.warnings);\n } finally {\n await pool.end();\n }\n\n const passed = results.every((r) => r.passed);\n return { passed, results, warnings };\n}\n"],"mappings":";AAAA,SAAS,YAAY;AAcrB,IAAM,mBAAmB;AAAA,EACvB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,sBAAsB;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,mBAGD;AAAA,EACH;AAAA,IACE,OAAO;AAAA,IACP,OAAO;AAAA,EACT;AAAA,EACA;AAAA,IACE,OAAO;AAAA,IACP,OAAO;AAAA,EACT;AAAA,EACA;AAAA,IACE,OAAO;AAAA,IACP,OAAO;AAAA,EACT;AAAA,EACA;AAAA,IACE,OAAO;AAAA,IACP,OAAO;AAAA,EACT;AACF;AAGA,IAAM,mBAAmB;AAEzB,eAAe,kBACb,MACA,WACA,iBAC+B;AAC/B,QAAM,UAAgC,CAAC;AACvC,QAAM,SAAS;AAEf,QAAM,IAAI,MAAM,KAAK;AAAA,IACnB;AAAA;AAAA;AAAA,IAGA,CAAC,SAAS;AAAA,EACZ;AACA,QAAM,OAAQ,EAAE,KAAmC;AAAA,IACjD,CAAC,QAAQ,IAAI;AAAA,EACf;AAEA,MAAI,KAAK,WAAW,GAAG;AACrB,YAAQ,KAAK;AAAA,MACX,OAAO,GAAG,MAAM;AAAA,MAChB,QAAQ;AAAA,MACR,SAAS,GAAG,SAAS;AAAA,IACvB,CAAC;AACD,WAAO;AAAA,EACT;AACA,UAAQ,KAAK,EAAE,OAAO,GAAG,MAAM,iBAAiB,QAAQ,KAAK,CAAC;AAE9D,aAAW,OAAO,iBAAiB;AACjC,UAAM,KAAK,KAAK,SAAS,GAAG;AAC5B,UAAM,SAA6B;AAAA,MACjC,OAAO,GAAG,MAAM,IAAI,GAAG;AAAA,MACvB,QAAQ;AAAA,IACV;AACA,QAAI,CAAC,IAAI;AACP,aAAO,UAAU,mBAAmB,GAAG;AAAA,IACzC;AACA,YAAQ,KAAK,MAAM;AAAA,EACrB;AAEA,SAAO;AACT;AAEA,eAAe,aAAa,MAA2C;AACrE,QAAM,UAAgC,CAAC;AAEvC,aAAW,EAAE,OAAO,MAAM,KAAK,kBAAkB;AAC/C,UAAM,IAAI,MAAM,KAAK;AAAA,MACnB;AAAA;AAAA,MAEA,CAAC,OAAO,KAAK;AAAA,IACf;AACA,UAAM,SAAS,EAAE,KAAK,SAAS;AAC/B,UAAM,SAA6B;AAAA,MACjC,OAAO,SAAS,KAAK;AAAA,MACrB,QAAQ;AAAA,IACV;AACA,QAAI,CAAC,QAAQ;AACX,aAAO,UAAU,SAAS,KAAK,iBAAiB,KAAK;AAAA,IACvD;AACA,YAAQ,KAAK,MAAM;AAAA,EACrB;AAEA,SAAO;AACT;AAMO,SAAS,eAGd;AACA,QAAM,UAAgC,CAAC;AACvC,QAAM,WAAiC,CAAC;AAExC,QAAM,YAAY,QAAQ,IAAI;AAE9B,MAAI,cAAc,UAAa,UAAU,WAAW,GAAG;AACrD,YAAQ,KAAK;AAAA,MACX,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,SAAS;AAAA,IACX,CAAC;AAAA,EACH,WAAW,CAAC,iBAAiB,KAAK,SAAS,GAAG;AAC5C,YAAQ,KAAK;AAAA,MACX,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,SACE;AAAA,IACJ,CAAC;AAAA,EACH,OAAO;AACL,YAAQ,KAAK;AAAA,MACX,OAAO;AAAA,MACP,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAEA,QAAM,gBAAgB,QAAQ,IAAI;AAClC,MAAI,kBAAkB,UAAa,cAAc,WAAW,GAAG;AAC7D,aAAS,KAAK;AAAA,MACZ,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,SACE;AAAA,IACJ,CAAC;AAAA,EACH;AAEA,SAAO,EAAE,SAAS,SAAS;AAC7B;AAKA,eAAsB,gBACpB,aAC6B;AAC7B,QAAM,OAAO,IAAI,KAAK,EAAE,kBAAkB,YAAY,CAAC;AACvD,QAAM,UAAgC,CAAC;AACvC,QAAM,WAAiC,CAAC;AAExC,MAAI;AACF,YAAQ;AAAA,MACN,GAAI,MAAM;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AACA,YAAQ;AAAA,MACN,GAAI,MAAM;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AACA,YAAQ,KAAK,GAAI,MAAM,aAAa,IAAI,CAAE;AAE1C,UAAM,YAAY,aAAa;AAC/B,YAAQ,KAAK,GAAG,UAAU,OAAO;AACjC,aAAS,KAAK,GAAG,UAAU,QAAQ;AAAA,EACrC,UAAE;AACA,UAAM,KAAK,IAAI;AAAA,EACjB;AAEA,QAAM,SAAS,QAAQ,MAAM,CAAC,MAAM,EAAE,MAAM;AAC5C,SAAO,EAAE,QAAQ,SAAS,SAAS;AACrC;","names":[]}

package/dist/chunk-ZEP3C2V6.js ADDED Viewed

@@ -0,0 +1,112 @@
+import {
+  generateTokenPair
+} from "./chunk-G7RB5NFW.js";
+// src/init.ts
+import pc from "picocolors";
+import {
+  intro,
+  outro,
+  text,
+  note,
+  cancel,
+  isCancel
+} from "@clack/prompts";
+var InitCancelledError = class extends Error {
+  constructor() {
+    super("Init cancelled.");
+    this.name = "InitCancelledError";
+  }
+};
+var CONTROL_CHARS = /[\x00-\x1f\x7f]/;
+function validateEmail(value) {
+  const trimmed = value.trim();
+  if (!trimmed) {
+    return "Email is required";
+  }
+  if (CONTROL_CHARS.test(trimmed)) {
+    return "Email must not contain control characters";
+  }
+  if (!trimmed.includes("@")) {
+    return "Must be a valid email address";
+  }
+  return void 0;
+}
+async function runInit(flags) {
+  const nonInteractive = flags?.nonInteractive === true;
+  const emailFlag = flags?.email;
+  if (nonInteractive && !emailFlag) {
+    throw new Error("--email is required in non-interactive mode");
+  }
+  if (!nonInteractive) {
+    intro("better-console init");
+  }
+  const { token, hash } = await generateTokenPair();
+  let email;
+  if (emailFlag) {
+    const validationError = validateEmail(emailFlag);
+    if (validationError) {
+      throw new Error(`Invalid --email: ${validationError}`);
+    }
+    email = emailFlag.trim();
+  } else {
+    const emailInput = await text({
+      message: "Admin email address",
+      placeholder: "admin@myapp.com",
+      validate: validateEmail
+    });
+    if (isCancel(emailInput)) {
+      cancel("Init cancelled.");
+      throw new InitCancelledError();
+    }
+    email = emailInput;
+  }
+  const envBlock = [
+    `BETTER_CONSOLE_TOKEN_HASH=${hash}`,
+    `BETTER_CONSOLE_ALLOWED_EMAILS=${email}`
+  ].join("\n");
+  const tokenNote = [
+    pc.bold("Connection token (save this \u2014 it won't be shown again):"),
+    "",
+    pc.green(token)
+  ].join("\n");
+  const nextStepsText = [
+    pc.bold(pc.yellow("1.")) + pc.bold(" Add env vars to your .env file:"),
+    "",
+    pc.blue(`   BETTER_CONSOLE_TOKEN_HASH=${hash}`),
+    pc.blue(`   BETTER_CONSOLE_ALLOWED_EMAILS=${email}`),
+    "",
+    pc.bold(pc.yellow("2.")) + pc.bold(" Add console middleware to your app"),
+    "",
+    pc.bold(pc.yellow("3.")) + pc.bold(" Create console tables (if not using Drizzle push):"),
+    "",
+    pc.green("   $ npx @usebetterdev/console-cli migrate --dry-run"),
+    "",
+    pc.bold(pc.yellow("4.")) + pc.bold(" Verify setup:"),
+    "",
+    pc.green(
+      "   $ npx @usebetterdev/console-cli check --database-url $DATABASE_URL"
+    )
+  ].join("\n");
+  if (nonInteractive) {
+    console.log(tokenNote);
+    console.log("");
+    console.log(envBlock);
+    console.log("");
+    console.log(pc.bold("Next steps:"));
+    console.log(nextStepsText);
+  } else {
+    note(tokenNote, "Connection token");
+    note(envBlock, "Environment variables");
+    note(nextStepsText, "Next steps");
+    outro("Console initialized!");
+  }
+  return { token, hash, email };
+}
+export {
+  InitCancelledError,
+  validateEmail,
+  runInit
+};
+//# sourceMappingURL=chunk-ZEP3C2V6.js.map

package/dist/chunk-ZEP3C2V6.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/init.ts"],"sourcesContent":["import pc from \"picocolors\";\nimport {\n intro,\n outro,\n text,\n note,\n cancel,\n isCancel,\n} from \"@clack/prompts\";\nimport { generateTokenPair } from \"./token.js\";\n\nexport interface InitFlags {\n email?: string | undefined;\n nonInteractive?: boolean | undefined;\n}\n\nexport interface InitOutput {\n token: string;\n hash: string;\n email: string;\n}\n\nexport class InitCancelledError extends Error {\n constructor() {\n super(\"Init cancelled.\");\n this.name = \"InitCancelledError\";\n }\n}\n\nconst CONTROL_CHARS = /[\\x00-\\x1f\\x7f]/;\n\n/**\n * Validate an email address for use in env output.\n * Rejects control characters/newlines that could inject extra env lines.\n * Returns an error message string on failure, or undefined on success.\n */\nexport function validateEmail(value: string): string | undefined {\n const trimmed = value.trim();\n if (!trimmed) {\n return \"Email is required\";\n }\n if (CONTROL_CHARS.test(trimmed)) {\n return \"Email must not contain control characters\";\n }\n if (!trimmed.includes(\"@\")) {\n return \"Must be a valid email address\";\n }\n return undefined;\n}\n\n/**\n * Run the console init flow.\n *\n * Generates a connection token pair and prompts for an admin email.\n * In non-interactive mode (`-n`), `--email` is required.\n *\n * Returns the generated output for programmatic use; also prints\n * env vars and next steps to stdout.\n *\n * Throws `InitCancelledError` if the user cancels a prompt.\n */\nexport async function runInit(flags?: InitFlags): Promise<InitOutput> {\n const nonInteractive = flags?.nonInteractive === true;\n const emailFlag = flags?.email;\n\n if (nonInteractive && !emailFlag) {\n throw new Error(\"--email is required in non-interactive mode\");\n }\n\n if (!nonInteractive) {\n intro(\"better-console init\");\n }\n\n const { token, hash } = await generateTokenPair();\n\n let email: string;\n\n if (emailFlag) {\n const validationError = validateEmail(emailFlag);\n if (validationError) {\n throw new Error(`Invalid --email: ${validationError}`);\n }\n email = emailFlag.trim();\n } else {\n const emailInput = await text({\n message: \"Admin email address\",\n placeholder: \"admin@myapp.com\",\n validate: validateEmail,\n });\n if (isCancel(emailInput)) {\n cancel(\"Init cancelled.\");\n throw new InitCancelledError();\n }\n email = emailInput;\n }\n\n const envBlock = [\n `BETTER_CONSOLE_TOKEN_HASH=${hash}`,\n `BETTER_CONSOLE_ALLOWED_EMAILS=${email}`,\n ].join(\"\\n\");\n\n const tokenNote = [\n pc.bold(\"Connection token (save this — it won't be shown again):\"),\n \"\",\n pc.green(token),\n ].join(\"\\n\");\n\n const nextStepsText = [\n pc.bold(pc.yellow(\"1.\")) +\n pc.bold(\" Add env vars to your .env file:\"),\n \"\",\n pc.blue(` BETTER_CONSOLE_TOKEN_HASH=${hash}`),\n pc.blue(` BETTER_CONSOLE_ALLOWED_EMAILS=${email}`),\n \"\",\n pc.bold(pc.yellow(\"2.\")) +\n pc.bold(\" Add console middleware to your app\"),\n \"\",\n pc.bold(pc.yellow(\"3.\")) +\n pc.bold(\" Create console tables (if not using Drizzle push):\"),\n \"\",\n pc.green(\" $ npx @usebetterdev/console-cli migrate --dry-run\"),\n \"\",\n pc.bold(pc.yellow(\"4.\")) +\n pc.bold(\" Verify setup:\"),\n \"\",\n pc.green(\n \" $ npx @usebetterdev/console-cli check --database-url $DATABASE_URL\",\n ),\n ].join(\"\\n\");\n\n if (nonInteractive) {\n console.log(tokenNote);\n console.log(\"\");\n console.log(envBlock);\n console.log(\"\");\n console.log(pc.bold(\"Next steps:\"));\n console.log(nextStepsText);\n } else {\n note(tokenNote, \"Connection token\");\n note(envBlock, \"Environment variables\");\n note(nextStepsText, \"Next steps\");\n outro(\"Console initialized!\");\n }\n\n return { token, hash, email };\n}\n"],"mappings":";;;;;AAAA,OAAO,QAAQ;AACf;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAcA,IAAM,qBAAN,cAAiC,MAAM;AAAA,EAC5C,cAAc;AACZ,UAAM,iBAAiB;AACvB,SAAK,OAAO;AAAA,EACd;AACF;AAEA,IAAM,gBAAgB;AAOf,SAAS,cAAc,OAAmC;AAC/D,QAAM,UAAU,MAAM,KAAK;AAC3B,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AACA,MAAI,cAAc,KAAK,OAAO,GAAG;AAC/B,WAAO;AAAA,EACT;AACA,MAAI,CAAC,QAAQ,SAAS,GAAG,GAAG;AAC1B,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAaA,eAAsB,QAAQ,OAAwC;AACpE,QAAM,iBAAiB,OAAO,mBAAmB;AACjD,QAAM,YAAY,OAAO;AAEzB,MAAI,kBAAkB,CAAC,WAAW;AAChC,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AAEA,MAAI,CAAC,gBAAgB;AACnB,UAAM,qBAAqB;AAAA,EAC7B;AAEA,QAAM,EAAE,OAAO,KAAK,IAAI,MAAM,kBAAkB;AAEhD,MAAI;AAEJ,MAAI,WAAW;AACb,UAAM,kBAAkB,cAAc,SAAS;AAC/C,QAAI,iBAAiB;AACnB,YAAM,IAAI,MAAM,oBAAoB,eAAe,EAAE;AAAA,IACvD;AACA,YAAQ,UAAU,KAAK;AAAA,EACzB,OAAO;AACL,UAAM,aAAa,MAAM,KAAK;AAAA,MAC5B,SAAS;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,IACZ,CAAC;AACD,QAAI,SAAS,UAAU,GAAG;AACxB,aAAO,iBAAiB;AACxB,YAAM,IAAI,mBAAmB;AAAA,IAC/B;AACA,YAAQ;AAAA,EACV;AAEA,QAAM,WAAW;AAAA,IACf,6BAA6B,IAAI;AAAA,IACjC,iCAAiC,KAAK;AAAA,EACxC,EAAE,KAAK,IAAI;AAEX,QAAM,YAAY;AAAA,IAChB,GAAG,KAAK,8DAAyD;AAAA,IACjE;AAAA,IACA,GAAG,MAAM,KAAK;AAAA,EAChB,EAAE,KAAK,IAAI;AAEX,QAAM,gBAAgB;AAAA,IACpB,GAAG,KAAK,GAAG,OAAO,IAAI,CAAC,IACrB,GAAG,KAAK,kCAAkC;AAAA,IAC5C;AAAA,IACA,GAAG,KAAK,gCAAgC,IAAI,EAAE;AAAA,IAC9C,GAAG,KAAK,oCAAoC,KAAK,EAAE;AAAA,IACnD;AAAA,IACA,GAAG,KAAK,GAAG,OAAO,IAAI,CAAC,IACrB,GAAG,KAAK,qCAAqC;AAAA,IAC/C;AAAA,IACA,GAAG,KAAK,GAAG,OAAO,IAAI,CAAC,IACrB,GAAG,KAAK,qDAAqD;AAAA,IAC/D;AAAA,IACA,GAAG,MAAM,sDAAsD;AAAA,IAC/D;AAAA,IACA,GAAG,KAAK,GAAG,OAAO,IAAI,CAAC,IACrB,GAAG,KAAK,gBAAgB;AAAA,IAC1B;AAAA,IACA,GAAG;AAAA,MACD;AAAA,IACF;AAAA,EACF,EAAE,KAAK,IAAI;AAEX,MAAI,gBAAgB;AAClB,YAAQ,IAAI,SAAS;AACrB,YAAQ,IAAI,EAAE;AACd,YAAQ,IAAI,QAAQ;AACpB,YAAQ,IAAI,EAAE;AACd,YAAQ,IAAI,GAAG,KAAK,aAAa,CAAC;AAClC,YAAQ,IAAI,aAAa;AAAA,EAC3B,OAAO;AACL,SAAK,WAAW,kBAAkB;AAClC,SAAK,UAAU,uBAAuB;AACtC,SAAK,eAAe,YAAY;AAChC,UAAM,sBAAsB;AAAA,EAC9B;AAEA,SAAO,EAAE,OAAO,MAAM,MAAM;AAC9B;","names":[]}

package/dist/cli.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+declare const program: Command;
+export { program };

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,184 @@
+#!/usr/bin/env node
+import {
+  runConsoleCheck
+} from "./chunk-JKGOP2VK.js";
+import {
+  InitCancelledError,
+  runInit
+} from "./chunk-ZEP3C2V6.js";
+import {
+  generateConsoleMigrationSql
+} from "./chunk-DYJHYSYZ.js";
+import {
+  generateTokenPair
+} from "./chunk-G7RB5NFW.js";
+// src/cli.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+import { Command } from "commander";
+import pc from "picocolors";
+function formatDate() {
+  const d = /* @__PURE__ */ new Date();
+  const y = d.getFullYear();
+  const m = String(d.getMonth() + 1).padStart(2, "0");
+  const day = String(d.getDate()).padStart(2, "0");
+  const h = String(d.getHours()).padStart(2, "0");
+  const min = String(d.getMinutes()).padStart(2, "0");
+  const sec = String(d.getSeconds()).padStart(2, "0");
+  return `${y}${m}${day}_${h}${min}${sec}`;
+}
+function writeSqlOutput(sql, output, defaultFilename, force) {
+  let filePath;
+  if (output.endsWith(".sql")) {
+    mkdirSync(dirname(output), { recursive: true });
+    filePath = output;
+  } else {
+    mkdirSync(output, { recursive: true });
+    filePath = join(output, defaultFilename);
+  }
+  if (existsSync(filePath) && !force) {
+    console.error(
+      pc.red(`File already exists: ${filePath}`)
+    );
+    console.error(pc.dim("Use --force to overwrite."));
+    return false;
+  }
+  writeFileSync(filePath, sql, "utf-8");
+  console.log(`${pc.green("\u2713")} Wrote ${filePath}`);
+  return true;
+}
+var __dirname = dirname(fileURLToPath(import.meta.url));
+var { version } = JSON.parse(
+  readFileSync(join(__dirname, "../package.json"), "utf-8")
+);
+var program = new Command();
+program.name("better-console").description("CLI for Better Console").version(version);
+program.command("init").description("Generate a connection token and print environment variables").option("--email <email>", "Admin email (skips prompt)").option("-n, --non-interactive", "Disable all prompts (requires --email)").action(
+  async (opts) => {
+    try {
+      await runInit({
+        email: opts.email,
+        nonInteractive: opts.nonInteractive
+      });
+    } catch (err) {
+      if (err instanceof InitCancelledError) {
+        process.exit(0);
+      }
+      const message = err instanceof Error ? err.message : String(err);
+      console.error(pc.red(message));
+      process.exit(1);
+    }
+  }
+);
+program.command("migrate").description("Generate SQL to create console tables").option("--dry-run", "Print SQL to stdout").option("--force", "Overwrite existing file").option(
+  "-o, --output <path>",
+  "Write to file (.sql) or directory (default: ./console-migrations)"
+).action(
+  async (opts) => {
+    try {
+      const sql = generateConsoleMigrationSql();
+      if (opts.dryRun) {
+        process.stdout.write(sql);
+        return;
+      }
+      const output = opts.output ?? join(process.cwd(), "console-migrations");
+      const defaultFilename = `${formatDate()}_better_console_tables.sql`;
+      const written = writeSqlOutput(
+        sql,
+        output,
+        defaultFilename,
+        opts.force === true
+      );
+      if (!written) {
+        process.exit(1);
+      }
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.error(pc.red(message));
+      process.exit(1);
+    }
+  }
+);
+var tokenCmd = program.command("token").description("Manage connection tokens");
+tokenCmd.command("generate").description("Generate a new connection token pair").action(async () => {
+  try {
+    const { token, hash } = await generateTokenPair();
+    console.log(
+      pc.bold("Connection token (save this \u2014 it won't be shown again):")
+    );
+    console.log(pc.green(token));
+    console.log("");
+    console.log(pc.bold("Token hash (add to your .env):"));
+    console.log(`BETTER_CONSOLE_TOKEN_HASH=${hash}`);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(pc.red(message));
+    process.exit(1);
+  }
+});
+tokenCmd.command("rotate").description("Generate a new token (invalidates all existing sessions)").action(async () => {
+  try {
+    console.log(
+      pc.yellow(
+        "Warning: rotating the connection token will invalidate all existing console sessions."
+      )
+    );
+    console.log("");
+    const { token, hash } = await generateTokenPair();
+    console.log(
+      pc.bold(
+        "New connection token (save this \u2014 it won't be shown again):"
+      )
+    );
+    console.log(pc.green(token));
+    console.log("");
+    console.log(pc.bold("New token hash (update your .env):"));
+    console.log(`BETTER_CONSOLE_TOKEN_HASH=${hash}`);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(pc.red(message));
+    process.exit(1);
+  }
+});
+program.command("check").description("Verify console tables, indexes, and environment variables").option("--database-url <url>", "Database URL (default: DATABASE_URL env)").action(async (opts) => {
+  const url = opts.databaseUrl ?? process.env.DATABASE_URL;
+  if (!url || typeof url !== "string") {
+    console.error(
+      pc.red(
+        "check requires --database-url or DATABASE_URL environment variable"
+      )
+    );
+    process.exit(1);
+  }
+  try {
+    const { passed, results, warnings } = await runConsoleCheck(url);
+    for (const w of warnings) {
+      console.log(
+        `${pc.yellow("\u26A0")} ${pc.yellow(w.check)}${w.message ? pc.dim(` ${w.message}`) : ""}`
+      );
+    }
+    for (const r of results) {
+      const icon = r.passed ? pc.green("\u2713") : pc.red("\u2717");
+      const label = r.passed ? r.check : pc.red(r.check);
+      const msg = r.message ? pc.dim(` ${r.message}`) : "";
+      console.log(`${icon} ${label}${msg}`);
+    }
+    if (!passed) {
+      process.exit(1);
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(pc.red(message));
+    process.exit(1);
+  }
+});
+var isMain = typeof process !== "undefined" && process.argv[1] !== void 0 && (process.argv[1].endsWith("cli.js") || process.argv[1].endsWith("cli.ts") || process.argv[1].endsWith("/better-console"));
+if (isMain) {
+  program.parse();
+}
+export {
+  program
+};
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/cli.ts"],"sourcesContent":["#!/usr/bin/env node\nimport { existsSync, mkdirSync, readFileSync, writeFileSync } from \"node:fs\";\nimport { dirname, join } from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport { Command } from \"commander\";\nimport pc from \"picocolors\";\nimport { runInit, InitCancelledError } from \"./init.js\";\nimport { generateConsoleMigrationSql } from \"./migrate.js\";\nimport { generateTokenPair } from \"./token.js\";\nimport { runConsoleCheck } from \"./check.js\";\n\nfunction formatDate(): string {\n const d = new Date();\n const y = d.getFullYear();\n const m = String(d.getMonth() + 1).padStart(2, \"0\");\n const day = String(d.getDate()).padStart(2, \"0\");\n const h = String(d.getHours()).padStart(2, \"0\");\n const min = String(d.getMinutes()).padStart(2, \"0\");\n const sec = String(d.getSeconds()).padStart(2, \"0\");\n return `${y}${m}${day}_${h}${min}${sec}`;\n}\n\n/**\n * Write SQL to a file. If `output` ends in `.sql`, treat it as a file path.\n * Otherwise treat it as a directory and generate a timestamped filename inside it.\n * Returns false if the file already exists and `force` is not set.\n */\nfunction writeSqlOutput(\n sql: string,\n output: string,\n defaultFilename: string,\n force: boolean,\n): boolean {\n let filePath: string;\n if (output.endsWith(\".sql\")) {\n mkdirSync(dirname(output), { recursive: true });\n filePath = output;\n } else {\n mkdirSync(output, { recursive: true });\n filePath = join(output, defaultFilename);\n }\n if (existsSync(filePath) && !force) {\n console.error(\n pc.red(`File already exists: ${filePath}`),\n );\n console.error(pc.dim(\"Use --force to overwrite.\"));\n return false;\n }\n writeFileSync(filePath, sql, \"utf-8\");\n console.log(`${pc.green(\"✓\")} Wrote ${filePath}`);\n return true;\n}\n\nconst __dirname = dirname(fileURLToPath(import.meta.url));\nconst { version } = JSON.parse(\n readFileSync(join(__dirname, \"../package.json\"), \"utf-8\"),\n) as { version: string };\n\nconst program = new Command();\n\nprogram\n .name(\"better-console\")\n .description(\"CLI for Better Console\")\n .version(version);\n\n// --- init ---\nprogram\n .command(\"init\")\n .description(\"Generate a connection token and print environment variables\")\n .option(\"--email <email>\", \"Admin email (skips prompt)\")\n .option(\"-n, --non-interactive\", \"Disable all prompts (requires --email)\")\n .action(\n async (opts: { email?: string; nonInteractive?: boolean }) => {\n try {\n await runInit({\n email: opts.email,\n nonInteractive: opts.nonInteractive,\n });\n } catch (err) {\n if (err instanceof InitCancelledError) {\n process.exit(0);\n }\n const message = err instanceof Error ? err.message : String(err);\n console.error(pc.red(message));\n process.exit(1);\n }\n },\n );\n\n// --- migrate ---\nprogram\n .command(\"migrate\")\n .description(\"Generate SQL to create console tables\")\n .option(\"--dry-run\", \"Print SQL to stdout\")\n .option(\"--force\", \"Overwrite existing file\")\n .option(\n \"-o, --output <path>\",\n \"Write to file (.sql) or directory (default: ./console-migrations)\",\n )\n .action(\n async (opts: {\n dryRun?: boolean;\n force?: boolean;\n output?: string;\n }) => {\n try {\n const sql = generateConsoleMigrationSql();\n\n if (opts.dryRun) {\n process.stdout.write(sql);\n return;\n }\n\n const output =\n opts.output ?? join(process.cwd(), \"console-migrations\");\n const defaultFilename = `${formatDate()}_better_console_tables.sql`;\n const written = writeSqlOutput(\n sql,\n output,\n defaultFilename,\n opts.force === true,\n );\n if (!written) {\n process.exit(1);\n }\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n console.error(pc.red(message));\n process.exit(1);\n }\n },\n );\n\n// --- token (subcommand group) ---\nconst tokenCmd = program\n .command(\"token\")\n .description(\"Manage connection tokens\");\n\ntokenCmd\n .command(\"generate\")\n .description(\"Generate a new connection token pair\")\n .action(async () => {\n try {\n const { token, hash } = await generateTokenPair();\n console.log(\n pc.bold(\"Connection token (save this — it won't be shown again):\"),\n );\n console.log(pc.green(token));\n console.log(\"\");\n console.log(pc.bold(\"Token hash (add to your .env):\"));\n console.log(`BETTER_CONSOLE_TOKEN_HASH=${hash}`);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n console.error(pc.red(message));\n process.exit(1);\n }\n });\n\ntokenCmd\n .command(\"rotate\")\n .description(\"Generate a new token (invalidates all existing sessions)\")\n .action(async () => {\n try {\n console.log(\n pc.yellow(\n \"Warning: rotating the connection token will invalidate all existing console sessions.\",\n ),\n );\n console.log(\"\");\n const { token, hash } = await generateTokenPair();\n console.log(\n pc.bold(\n \"New connection token (save this — it won't be shown again):\",\n ),\n );\n console.log(pc.green(token));\n console.log(\"\");\n console.log(pc.bold(\"New token hash (update your .env):\"));\n console.log(`BETTER_CONSOLE_TOKEN_HASH=${hash}`);\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n console.error(pc.red(message));\n process.exit(1);\n }\n });\n\n// --- check ---\nprogram\n .command(\"check\")\n .description(\"Verify console tables, indexes, and environment variables\")\n .option(\"--database-url <url>\", \"Database URL (default: DATABASE_URL env)\")\n .action(async (opts: { databaseUrl?: string }) => {\n const url = opts.databaseUrl ?? process.env.DATABASE_URL;\n if (!url || typeof url !== \"string\") {\n console.error(\n pc.red(\n \"check requires --database-url or DATABASE_URL environment variable\",\n ),\n );\n process.exit(1);\n }\n try {\n const { passed, results, warnings } = await runConsoleCheck(url);\n\n for (const w of warnings) {\n console.log(\n `${pc.yellow(\"⚠\")} ${pc.yellow(w.check)}${w.message ? pc.dim(` ${w.message}`) : \"\"}`,\n );\n }\n\n for (const r of results) {\n const icon = r.passed ? pc.green(\"✓\") : pc.red(\"✗\");\n const label = r.passed ? r.check : pc.red(r.check);\n const msg = r.message ? pc.dim(` ${r.message}`) : \"\";\n console.log(`${icon} ${label}${msg}`);\n }\n\n if (!passed) {\n process.exit(1);\n }\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n console.error(pc.red(message));\n process.exit(1);\n }\n });\n\nconst isMain =\n typeof process !== \"undefined\" &&\n process.argv[1] !== undefined &&\n (process.argv[1].endsWith(\"cli.js\") ||\n process.argv[1].endsWith(\"cli.ts\") ||\n process.argv[1].endsWith(\"/better-console\"));\nif (isMain) {\n program.parse();\n}\n\nexport { program };\n"],"mappings":";;;;;;;;;;;;;;;;AACA,SAAS,YAAY,WAAW,cAAc,qBAAqB;AACnE,SAAS,SAAS,YAAY;AAC9B,SAAS,qBAAqB;AAC9B,SAAS,eAAe;AACxB,OAAO,QAAQ;AAMf,SAAS,aAAqB;AAC5B,QAAM,IAAI,oBAAI,KAAK;AACnB,QAAM,IAAI,EAAE,YAAY;AACxB,QAAM,IAAI,OAAO,EAAE,SAAS,IAAI,CAAC,EAAE,SAAS,GAAG,GAAG;AAClD,QAAM,MAAM,OAAO,EAAE,QAAQ,CAAC,EAAE,SAAS,GAAG,GAAG;AAC/C,QAAM,IAAI,OAAO,EAAE,SAAS,CAAC,EAAE,SAAS,GAAG,GAAG;AAC9C,QAAM,MAAM,OAAO,EAAE,WAAW,CAAC,EAAE,SAAS,GAAG,GAAG;AAClD,QAAM,MAAM,OAAO,EAAE,WAAW,CAAC,EAAE,SAAS,GAAG,GAAG;AAClD,SAAO,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG;AACxC;AAOA,SAAS,eACP,KACA,QACA,iBACA,OACS;AACT,MAAI;AACJ,MAAI,OAAO,SAAS,MAAM,GAAG;AAC3B,cAAU,QAAQ,MAAM,GAAG,EAAE,WAAW,KAAK,CAAC;AAC9C,eAAW;AAAA,EACb,OAAO;AACL,cAAU,QAAQ,EAAE,WAAW,KAAK,CAAC;AACrC,eAAW,KAAK,QAAQ,eAAe;AAAA,EACzC;AACA,MAAI,WAAW,QAAQ,KAAK,CAAC,OAAO;AAClC,YAAQ;AAAA,MACN,GAAG,IAAI,wBAAwB,QAAQ,EAAE;AAAA,IAC3C;AACA,YAAQ,MAAM,GAAG,IAAI,2BAA2B,CAAC;AACjD,WAAO;AAAA,EACT;AACA,gBAAc,UAAU,KAAK,OAAO;AACpC,UAAQ,IAAI,GAAG,GAAG,MAAM,QAAG,CAAC,UAAU,QAAQ,EAAE;AAChD,SAAO;AACT;AAEA,IAAM,YAAY,QAAQ,cAAc,YAAY,GAAG,CAAC;AACxD,IAAM,EAAE,QAAQ,IAAI,KAAK;AAAA,EACvB,aAAa,KAAK,WAAW,iBAAiB,GAAG,OAAO;AAC1D;AAEA,IAAM,UAAU,IAAI,QAAQ;AAE5B,QACG,KAAK,gBAAgB,EACrB,YAAY,wBAAwB,EACpC,QAAQ,OAAO;AAGlB,QACG,QAAQ,MAAM,EACd,YAAY,6DAA6D,EACzE,OAAO,mBAAmB,4BAA4B,EACtD,OAAO,yBAAyB,wCAAwC,EACxE;AAAA,EACC,OAAO,SAAuD;AAC5D,QAAI;AACF,YAAM,QAAQ;AAAA,QACZ,OAAO,KAAK;AAAA,QACZ,gBAAgB,KAAK;AAAA,MACvB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,eAAe,oBAAoB;AACrC,gBAAQ,KAAK,CAAC;AAAA,MAChB;AACA,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,cAAQ,MAAM,GAAG,IAAI,OAAO,CAAC;AAC7B,cAAQ,KAAK,CAAC;AAAA,IAChB;AAAA,EACF;AACF;AAGF,QACG,QAAQ,SAAS,EACjB,YAAY,uCAAuC,EACnD,OAAO,aAAa,qBAAqB,EACzC,OAAO,WAAW,yBAAyB,EAC3C;AAAA,EACC;AAAA,EACA;AACF,EACC;AAAA,EACC,OAAO,SAID;AACJ,QAAI;AACF,YAAM,MAAM,4BAA4B;AAExC,UAAI,KAAK,QAAQ;AACf,gBAAQ,OAAO,MAAM,GAAG;AACxB;AAAA,MACF;AAEA,YAAM,SACJ,KAAK,UAAU,KAAK,QAAQ,IAAI,GAAG,oBAAoB;AACzD,YAAM,kBAAkB,GAAG,WAAW,CAAC;AACvC,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA;AAAA,QACA,KAAK,UAAU;AAAA,MACjB;AACA,UAAI,CAAC,SAAS;AACZ,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF,SAAS,KAAK;AACZ,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,cAAQ,MAAM,GAAG,IAAI,OAAO,CAAC;AAC7B,cAAQ,KAAK,CAAC;AAAA,IAChB;AAAA,EACF;AACF;AAGF,IAAM,WAAW,QACd,QAAQ,OAAO,EACf,YAAY,0BAA0B;AAEzC,SACG,QAAQ,UAAU,EAClB,YAAY,sCAAsC,EAClD,OAAO,YAAY;AAClB,MAAI;AACF,UAAM,EAAE,OAAO,KAAK,IAAI,MAAM,kBAAkB;AAChD,YAAQ;AAAA,MACN,GAAG,KAAK,8DAAyD;AAAA,IACnE;AACA,YAAQ,IAAI,GAAG,MAAM,KAAK,CAAC;AAC3B,YAAQ,IAAI,EAAE;AACd,YAAQ,IAAI,GAAG,KAAK,gCAAgC,CAAC;AACrD,YAAQ,IAAI,6BAA6B,IAAI,EAAE;AAAA,EACjD,SAAS,KAAK;AACZ,UAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,YAAQ,MAAM,GAAG,IAAI,OAAO,CAAC;AAC7B,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF,CAAC;AAEH,SACG,QAAQ,QAAQ,EAChB,YAAY,0DAA0D,EACtE,OAAO,YAAY;AAClB,MAAI;AACF,YAAQ;AAAA,MACN,GAAG;AAAA,QACD;AAAA,MACF;AAAA,IACF;AACA,YAAQ,IAAI,EAAE;AACd,UAAM,EAAE,OAAO,KAAK,IAAI,MAAM,kBAAkB;AAChD,YAAQ;AAAA,MACN,GAAG;AAAA,QACD;AAAA,MACF;AAAA,IACF;AACA,YAAQ,IAAI,GAAG,MAAM,KAAK,CAAC;AAC3B,YAAQ,IAAI,EAAE;AACd,YAAQ,IAAI,GAAG,KAAK,oCAAoC,CAAC;AACzD,YAAQ,IAAI,6BAA6B,IAAI,EAAE;AAAA,EACjD,SAAS,KAAK;AACZ,UAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,YAAQ,MAAM,GAAG,IAAI,OAAO,CAAC;AAC7B,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF,CAAC;AAGH,QACG,QAAQ,OAAO,EACf,YAAY,2DAA2D,EACvE,OAAO,wBAAwB,0CAA0C,EACzE,OAAO,OAAO,SAAmC;AAChD,QAAM,MAAM,KAAK,eAAe,QAAQ,IAAI;AAC5C,MAAI,CAAC,OAAO,OAAO,QAAQ,UAAU;AACnC,YAAQ;AAAA,MACN,GAAG;AAAA,QACD;AAAA,MACF;AAAA,IACF;AACA,YAAQ,KAAK,CAAC;AAAA,EAChB;AACA,MAAI;AACF,UAAM,EAAE,QAAQ,SAAS,SAAS,IAAI,MAAM,gBAAgB,GAAG;AAE/D,eAAW,KAAK,UAAU;AACxB,cAAQ;AAAA,QACN,GAAG,GAAG,OAAO,QAAG,CAAC,IAAI,GAAG,OAAO,EAAE,KAAK,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;AAAA,MACpF;AAAA,IACF;AAEA,eAAW,KAAK,SAAS;AACvB,YAAM,OAAO,EAAE,SAAS,GAAG,MAAM,QAAG,IAAI,GAAG,IAAI,QAAG;AAClD,YAAM,QAAQ,EAAE,SAAS,EAAE,QAAQ,GAAG,IAAI,EAAE,KAAK;AACjD,YAAM,MAAM,EAAE,UAAU,GAAG,IAAI,IAAI,EAAE,OAAO,EAAE,IAAI;AAClD,cAAQ,IAAI,GAAG,IAAI,IAAI,KAAK,GAAG,GAAG,EAAE;AAAA,IACtC;AAEA,QAAI,CAAC,QAAQ;AACX,cAAQ,KAAK,CAAC;AAAA,IAChB;AAAA,EACF,SAAS,KAAK;AACZ,UAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC/D,YAAQ,MAAM,GAAG,IAAI,OAAO,CAAC;AAC7B,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF,CAAC;AAEH,IAAM,SACJ,OAAO,YAAY,eACnB,QAAQ,KAAK,CAAC,MAAM,WACnB,QAAQ,KAAK,CAAC,EAAE,SAAS,QAAQ,KAChC,QAAQ,KAAK,CAAC,EAAE,SAAS,QAAQ,KACjC,QAAQ,KAAK,CAAC,EAAE,SAAS,iBAAiB;AAC9C,IAAI,QAAQ;AACV,UAAQ,MAAM;AAChB;","names":[]}

package/dist/init.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+interface InitFlags {
+    email?: string | undefined;
+    nonInteractive?: boolean | undefined;
+}
+interface InitOutput {
+    token: string;
+    hash: string;
+    email: string;
+}
+declare class InitCancelledError extends Error {
+    constructor();
+}
+/**
+ * Validate an email address for use in env output.
+ * Rejects control characters/newlines that could inject extra env lines.
+ * Returns an error message string on failure, or undefined on success.
+ */
+declare function validateEmail(value: string): string | undefined;
+/**
+ * Run the console init flow.
+ *
+ * Generates a connection token pair and prompts for an admin email.
+ * In non-interactive mode (`-n`), `--email` is required.
+ *
+ * Returns the generated output for programmatic use; also prints
+ * env vars and next steps to stdout.
+ *
+ * Throws `InitCancelledError` if the user cancels a prompt.
+ */
+declare function runInit(flags?: InitFlags): Promise<InitOutput>;
+export { InitCancelledError, type InitFlags, type InitOutput, runInit, validateEmail };

package/dist/init.js ADDED Viewed

@@ -0,0 +1,12 @@
+import {
+  InitCancelledError,
+  runInit,
+  validateEmail
+} from "./chunk-ZEP3C2V6.js";
+import "./chunk-G7RB5NFW.js";
+export {
+  InitCancelledError,
+  runInit,
+  validateEmail
+};
+//# sourceMappingURL=init.js.map

package/dist/init.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/migrate.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Load and return the console tables SQL migration.
+ * This SQL creates both `better_console_sessions` and `better_console_magic_links`
+ * tables with all required columns and indexes.
+ */
+declare function generateConsoleMigrationSql(): string;
+export { generateConsoleMigrationSql };

package/dist/migrate.js ADDED Viewed

@@ -0,0 +1,7 @@
+import {
+  generateConsoleMigrationSql
+} from "./chunk-DYJHYSYZ.js";
+export {
+  generateConsoleMigrationSql
+};
+//# sourceMappingURL=migrate.js.map

package/dist/migrate.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/sql/console-tables.sql ADDED Viewed

@@ -0,0 +1,32 @@
+-- Better Console: sessions table
+CREATE TABLE IF NOT EXISTS better_console_sessions (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  email TEXT NOT NULL,
+  token_hash TEXT NOT NULL UNIQUE,
+  permissions TEXT NOT NULL,
+  expires_at TIMESTAMPTZ NOT NULL,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+CREATE INDEX IF NOT EXISTS idx_console_sessions_token_hash
+  ON better_console_sessions(token_hash);
+CREATE INDEX IF NOT EXISTS idx_console_sessions_expires_at
+  ON better_console_sessions(expires_at);
+-- Better Console: magic links table
+CREATE TABLE IF NOT EXISTS better_console_magic_links (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  email TEXT NOT NULL,
+  code_hash TEXT NOT NULL,
+  session_id UUID NOT NULL UNIQUE,
+  token_hash TEXT,
+  failed_attempts INTEGER NOT NULL DEFAULT 0,
+  expires_at TIMESTAMPTZ NOT NULL,
+  used_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+CREATE INDEX IF NOT EXISTS idx_console_magic_links_session_id
+  ON better_console_magic_links(session_id);
+CREATE INDEX IF NOT EXISTS idx_console_magic_links_expires_at
+  ON better_console_magic_links(expires_at);

package/dist/token.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Connection token utilities using the Web Crypto API.
+ * Works in Node, Deno, and Bun — no node:crypto imports.
+ */
+/**
+ * Generate a connection token: 32 random bytes as a 64-char hex string.
+ */
+declare function generateConnectionToken(): string;
+/**
+ * SHA-256 hash a connection token. Returns "sha256:<hex>".
+ */
+declare function hashConnectionToken(token: string): Promise<string>;
+/**
+ * Generate a token and its hash in one call.
+ * Returns `{ token, hash }` where hash is "sha256:<hex>".
+ */
+declare function generateTokenPair(): Promise<{
+    token: string;
+    hash: string;
+}>;
+export { generateConnectionToken, generateTokenPair, hashConnectionToken };

package/dist/token.js ADDED Viewed

@@ -0,0 +1,11 @@
+import {
+  generateConnectionToken,
+  generateTokenPair,
+  hashConnectionToken
+} from "./chunk-G7RB5NFW.js";
+export {
+  generateConnectionToken,
+  generateTokenPair,
+  hashConnectionToken
+};
+//# sourceMappingURL=token.js.map

package/dist/token.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/package.json ADDED Viewed

@@ -0,0 +1,64 @@
+{
+  "name": "@usebetterdev/console-cli",
+  "description": "CLI for Better Console — init, migrate, token management, health checks.",
+  "version": "0.3.0-beta.2",
+  "license": "MIT",
+  "repository": "github:usebetter-dev/usebetter",
+  "bugs": "https://github.com/usebetter-dev/usebetter/issues",
+  "homepage": "https://github.com/usebetter-dev/usebetter#readme",
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "type": "module",
+  "main": "./dist/cli.js",
+  "bin": {
+    "better-console": "./dist/cli.js"
+  },
+  "exports": {
+    ".": "./dist/cli.js",
+    "./migrate": {
+      "import": "./dist/migrate.js",
+      "types": "./dist/migrate.d.ts"
+    },
+    "./check": {
+      "import": "./dist/check.js",
+      "types": "./dist/check.d.ts"
+    },
+    "./init": {
+      "import": "./dist/init.js",
+      "types": "./dist/init.d.ts"
+    },
+    "./token": {
+      "import": "./dist/token.js",
+      "types": "./dist/token.d.ts"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "prepare": "mkdir -p dist && test -f dist/cli.js || echo '#!/usr/bin/env node' > dist/cli.js",
+    "build": "tsup && mkdir -p dist/sql && cp src/sql/*.sql dist/sql/",
+    "lint": "oxlint",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@clack/prompts": "^0.10.0",
+    "@usebetterdev/console": "workspace:*",
+    "commander": "^12.1.0",
+    "pg": "^8.13.0",
+    "picocolors": "^1.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.0",
+    "@types/pg": "^8.11.0",
+    "tsup": "^8.3.5",
+    "typescript": "~5.7.2",
+    "vitest": "^2.1.6"
+  },
+  "engines": {
+    "node": ">=22"
+  }
+}